D & F are correct answers here.
D, because PhpStudy is a documented/known backdoor so the source IP attempted a malicious connection.
References:
https://www.infosecmatter.com/metasploit-module-library/?mm=exploit/multi/http/phpstudy_backdoor_rce
https://www.fortiguard.com/encyclopedia/ips/48804
F, because the phpinfo can provide access about the PHP version for sure.
Based on the logs, the following events were recorded:
"GPL WEB SERVER robots.txt access" from 10.1.1.128 to 10.0.0.10
"ET WEB SPECIFIC APPS PHPStudy Remote Code Execution Backdoor" from 10.1.1.129 to 10.0.0.10
"ET WEB SERVER MEB-PHP phpinfo access" from 10.1.1.130 to 10.0.0.10
"GPL WEB SERVER 403 Forbidden" from 10.0.0.10 to 10.1.1.129
Based on this information, I selected option D as the correct answer, which states "10.1.1.129 sent potential malicious requests to the web server". The logs indicate that the IP address 10.1.1.129 is involved in a remote code execution backdoor, which is a clear indication of malicious activity. The "403 Forbidden" response from the web server suggests that the request from 10.1.1.129 was blocked.
upvoted 2 times
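The triage reasoning in the comment above, written out as a small script (an added example, not part of any commenter's post). The alert lines are the ones quoted in the comment; the keyword-to-category table and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Alert lines exactly as quoted in the comment above.
ALERTS = [
    '"GPL WEB SERVER robots.txt access" from 10.1.1.128 to 10.0.0.10',
    '"ET WEB SPECIFIC APPS PHPStudy Remote Code Execution Backdoor" from 10.1.1.129 to 10.0.0.10',
    '"ET WEB SERVER MEB-PHP phpinfo access" from 10.1.1.130 to 10.0.0.10',
    '"GPL WEB SERVER 403 Forbidden" from 10.0.0.10 to 10.1.1.129',
]

LINE_RE = re.compile(r'^"(?P<sig>[^"]+)" from (?P<src>\S+) to (?P<dst>\S+)$')

# Hypothetical triage table: first matching keyword wins.
RULES = [
    ("remote code execution", "exploit-attempt"),
    ("backdoor", "exploit-attempt"),
    ("phpinfo", "info-disclosure-probe"),
    ("robots.txt", "recon"),
    ("403 forbidden", "server-denied"),
]

def parse(line):
    """Return {'sig', 'src', 'dst'} for one alert line, or None if malformed."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def classify(sig):
    """Map a signature name to a triage category via keyword match."""
    low = sig.lower()
    return next((cat for key, cat in RULES if key in low), "unclassified")

def triage(lines, server="10.0.0.10"):
    """Group inbound alerts per client and flag clients the server denied."""
    clients = defaultdict(lambda: {"categories": [], "denied": False})
    for line in lines:
        alert = parse(line)
        if alert is None:
            continue  # skip lines that are not in the quoted format
        cat = classify(alert["sig"])
        if alert["dst"] == server:
            clients[alert["src"]]["categories"].append(cat)
        elif alert["src"] == server and cat == "server-denied":
            # Response-side alert: attribute the denial to the receiving client.
            clients[alert["dst"]]["denied"] = True
    return dict(clients)

if __name__ == "__main__":
    for ip, info in sorted(triage(ALERTS).items()):
        print(ip, info)
```

The pairing of the 403 with the exploit alert is by client IP only; these alert lines carry no ports or timestamps, so confirming which request was denied needs the web server's access log.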
db97 (Highly Voted, 2 years, 2 months ago)
2Fish (2 years, 1 month ago)
absabs (Most Recent, 2 years, 2 months ago)
gnnggnnggnng (2 years, 2 months ago)